一桌菜，十几盘，有荤有素，有凉有热，怎么吃呢？你可以找一盘看起来好吃的，也可以找一盘离自己近的，都行。但是，得动筷子。不管怎么吃，最重要的是得动筷子。学技术也是一样。

有的人死活不动筷子，还不断念叨：“我要开始吃了。我马上就要开始吃了。我只要开始吃就能吃饱。我吃饱了就不饿了。你能不能告诉我该先吃哪一盘？先冷盘后热菜再喝汤这样是不是最好？但是我听说广东人都是先喝汤？这盘菜会不会太远了？这盘会不会太油腻？我吃饱了万一想拉屎你们这里有厕所吗？我真的马上就要开始吃了……为什么我现在还是饿？你能不能帮帮我？”

by tombkeeper @2017-11-28

如需配合目录食用请访问这里

在线漏洞库/知识库

• https://wooyun.shuimugan.com/
• http://cb.drops.wiki/
• http://wooyun.chamd5.org/
• http://wooyun.jozxing.cc/
• https://web.archive.org/web/20160628133257/http://www.wooyun.org:80/ （GFW）

在线知识库

• https://superkieran.github.io/WooyunDrops/#!/
• https://wooyun.js.org/
• http://www.vuln.cn/wooyundrops
• https://web.archive.org/web/20160628084846/http://drops.wooyun.org:80/ （GFW）

在线漏洞库

• http://bug.p0sec.net/
• https://web.archive.org/web/20160625075226/http://www.wooyun.org:80/bugs （GFW）

本地搭建

B/S型

https://github.com/hanc00l/wooyun_public

硬盘搜索型

• 链接: WooYun漏洞、知识库收集(超详细版) 密码: 28gr

• everything : search file by name on disk.
• agentransack/FileLocatorPro : search file by content on disk。

BREAK & WATCH

文档

• https://beginners.re/
• https://leanpub.com/web-hacking-101
• https://ctf-wiki.github.io/ctf-wiki/index.html
• https://www.gitbook.com/read/book/firmianay/ctf-all-in-one
• https://www.pediy.com/kssd/
• https://paper.seebug.org/
• http://evilcos.me/security_skill_tree_basic/index.html
• https://book.nmask.cn/

GitHub

• https://github.com/jekil/awesome-hacking/
• https://github.com/ctfs/
• https://github.com/joe-shenouda/awesome-cyber-skills
• https://github.com/CHYbeta/Web-Security-Learning
• https://github.com/qazbnm456/awesome-web-security
• https://github.com/tom0li/collection-document
• https://github.com/zardus/wargame-nexus
• https://github.com/sbilly/awesome-security

安全导航

• https://navisec.it/
• http://www.itxueke.com/SecNavi/
• http://shentoushi.top/
• https://www.anquanquan.info/

其他优秀资源

• https://speakerdeck.com/search?utf8=%E2%9C%93&q=ctf
• https://gotyour.pw/
• https://skills.bugbank.cn/
• https://hackmethod.com/roadmap/
• https://highon.coffee/
• https://silic.wiki/doku.php
• https://learnxinyminutes.com/
• http://www.opensecuritytraining.info/
• http://www.fuzzysecurity.com/index.html
• https://pentesterlab.com/bootcamp
• http://liveoverflow.com/
• https://rupigcute.wixsite.com/quantiumtown/rssindex
• https://raintrees.net/projects/a-painter-and-a-black-cat/wiki

GET HANDS DIRTY

练习平台

• http://shell-storm.org/repo/CTF/
• https://ctftime.org/
• https://www.vulnhub.com/
• https://exploit-exercises.com/
• http://cryptopals.com/
• http://overthewire.org
• https://pwnhub.cn/index
• https://cmdchallenge.com/
• https://www.hackthissite.org/
• https://microcorruption.com/login
• http://smashthestack.org/
• http://pwnable.kr/
• https://pwnable.tw/
• http://www.underthewire.tech/
• http://www.freebuf.com/sectool/4708.html
• http://www.hetianlab.com/
• https://lab.pentestit.ru/

ONLINE JUDGE

• https://ringzer0team.com/
• https://www.wechall.net/
• https://backdoor.sdslabs.co/challenges
• https://www.jarvisoj.com/
• https://ctf.katsudon.org/ctf4u/
• https://www.onlinectf.com/challenges/
• http://ksnctf.sweetduet.info/
• http://ctf.nuptsast.com/
• https://ctf.hackmethod.com/
• http://oj.xctf.org.cn/
• http://ctf.bugku.com/
• http://ctf.rookiehacker.org/
• http://www.shiyanbar.com/ctf/practice
• http://hackinglab.cn/
• https://hackme.inndy.tw/
• https://ctflearn.com/
• https://ctf.katsudon.org/

FOR FUN

• http://www.heibanke.com/lesson/crawler_ex00/
• http://web.onlinectf.com/cutezombie/web-app/
• http://riddle.arthurluk.net/pocket.php
• http://fun.coolshell.cn/
• http://monyer.com/game/game1/

HACKERS

• https://whereisk0shl.top/
• https://www.leavesongs.com/
• http://www.cnblogs.com/iamstudy
• https://sigterm.ch/
• http://xlab.tencent.com/cn/
• https://strcpy.me/
• https://ricterz.me/
• http://www.blue-lotus.net/
• http://217.logdown.com/
• http://sh3ll.me/
• http://jiangjiawei.pw/blog/
• https://dog.xmu.edu.cn/
• https://chybeta.github.io/
• https://hackfun.org/
• http://www.cnblogs.com/figure9/
• http://blog.csdn.net/v_july_v
• http://mslc.ctf.su/

MIND HACKERS

• https://livid.v2ex.com/
• https://www.byvoid.com/zhs/
• http://mindhacks.cn/
• http://www.matrix67.com/blog/
• http://www.ruanyifeng.com/home.html
• http://www.yinwang.org/
• https://www.scotthyoung.com/blog/
• https://blog.youxu.info/
• https://program-think.blogspot.com/

搜索

• https://google.com/
• https://www.exploit-db.com/google-hacking-database/
• http://search.chongbuluo.com/
• http://www.xilinjie.com/
• http://webcache.googleusercontent.com/search?q=cache:https://findneo.github.io
• https://web.archive.org/web/*/https://findneo.github.io

电子书籍

• http://www.banshujiang.cn/
• http://bestcbooks.com/
• https://salttiger.com/archives/
• https://www.it-ebooks.info/
• http://www.oreilly.com/programming/free/
• http://www.sxyj.net/
• https://www.jiumodiary.com/

安全相关

• https://tools.pediy.com/
• https://down.52pojie.cn/Tools/
• https://www.ctftools.com/down/
• https://github.com/zardus/ctf-tools
• https://github.com/P1kachu/v0lt
• https://www.zoomeye.org/
• https://www.shodan.io/
• https://fofa.so/
• https://quipqiup.com/
• http://factordb.com/
• https://koczkatamas.github.io/